PromptForward

API Keys

Overview

API Keys enable external applications and services to securely access your PromptForward prompts programmatically. Each API key can be configured with granular permissions to control which prompts and LLM providers it can access.

API key detail page with permissions management

Creating an API Key

  1. Navigate to API Keys in the sidebar
  2. Click + New API Key
  3. Enter a descriptive name
  4. Click Create
  5. Copy the generated API key

Managing Permissions

  1. Click on an API key to open its detail page
  2. Click Add Permission
  3. Toggle Allow All Prompts or select a specific prompt
  4. Toggle Allow All Providers or select a specific provider
  5. Click Add Permission

Using API Keys

Include your API key in the Authorization header:

curl -X POST https://api.promptforward.dev/api/inference \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "prompt_id": "your_prompt_id",
    "provider_id": "your_provider_id",
    "model": "gpt-4",
    "variables": {
      "user_query": "How do I reset my password?"
    }
  }'

Best Practices

  • Use descriptive names - Indicate the key's purpose clearly
  • Apply least privilege - Only grant necessary permissions
  • Rotate keys regularly - Update keys periodically for security
  • Never share keys - Each application should have its own key
  • Store securely - Use environment variables, never hardcode
  • Use the status toggle - Disable keys temporarily instead of deleting

Security

Keep API keys private and never expose them in:

  • Client-side code
  • Public repositories
  • Log files or error messages
  • Documentation or screenshots